---
# We must enable IP forwarding for hosts that advertise routes or are exit nodes
# https://tailscale.com/kb/1104/enable-ip-forwarding
# https://docs.ansible.com/ansible/latest/collections/ansible/posix/sysctl_module.html
# https://tailscale.com/kb/1019/subnets
# The outer loop hands each entry over as "item"; keep its value under the
# shorter name "tsnet" so the tasks below can loop over it directly.
- name: Rename value var from outer loop
  ansible.builtin.set_fact:
    tsnet: '{{ item.value }}'
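# Turn on IPv4 forwarding, but only on the host whose own entry in tsnet
# carries an advertise-routes or advertise-exit-node flag.
# NOTE(review): net.ipv4.ip_forward is a host-wide switch, so the kernel will
# forward between all interfaces, not only the Tailscale one. Confirm that the
# host's firewall forwarding rules limit this to the intended networks.
- name: Enable IPv4 forwarding for hosts that advertise routes or exit nodes
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    # Persist the setting and also apply it to the running kernel.
    reload: true
    sysctl_set: true
  loop: "{{ tsnet }}"
  loop_control:
    loop_var: tshost
  when:
    # Every host walks the whole list; act only on the entry for this host.
    - inventory_hostname == tshost.host
    # assumes tshost.args is a string of tailscale flags; verify against the
    # inventory. An entry without args is treated as advertising nothing.
    - >-
      'advertise-routes' in (tshost.args | default('')) or
      'advertise-exit-node' in (tshost.args | default(''))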
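# Turn on IPv6 forwarding, but only on the host whose own entry in tsnet
# carries an advertise-routes or advertise-exit-node flag.
# NOTE(review): this is a host-wide switch covering all interfaces. Confirm
# that the host's IPv6 firewall forwarding rules limit it to the intended
# networks. On Linux, enabling forwarding can also stop the host from
# accepting router advertisements; check hosts that rely on SLAAC.
- name: Enable IPv6 forwarding for hosts that advertise routes or exit nodes
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    state: present
    # Persist the setting and also apply it to the running kernel.
    reload: true
    sysctl_set: true
  loop: "{{ tsnet }}"
  loop_control:
    loop_var: tshost
  when:
    # Every host walks the whole list; act only on the entry for this host.
    - inventory_hostname == tshost.host
    # assumes tshost.args is a string of tailscale flags; verify against the
    # inventory. An entry without args is treated as advertising nothing.
    - >-
      'advertise-routes' in (tshost.args | default('')) or
      'advertise-exit-node' in (tshost.args | default(''))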